A security vulnerability came to light recently that affects Internet Explorer 6, Internet Explorer 7 and even Internet Explorer 8 that can be used to record keystrokes of a user even if he is switching domains. That means that a specifically prepared website can launch some Javascript that records everything the user does afterwards including text input which naturally means usernames and passwords as well.
Sounds scary ? There is no fix for this vulnerability yet other than to disable Javascript or allow it only on trusted domains. Some researchers claim that other browsers are affected as well but have failed to deliver proof for those claims yet. It would not hurt however to use the Firefox add-on No Script for instance.
The vulnerability can be tested on this page if you visit it with Internet Explorer. It opens a new window and records the user input on that domain. There is an explanation from the same researcher available.
You better stop using Internet Explorer for now
Sounds scary ? There is no fix for this vulnerability yet other than to disable Javascript or allow it only on trusted domains. Some researchers claim that other browsers are affected as well but have failed to deliver proof for those claims yet. It would not hurt however to use the Firefox add-on No Script for instance.
The vulnerability can be tested on this page if you visit it with Internet Explorer. It opens a new window and records the user input on that domain. There is an explanation from the same researcher available.
You better stop using Internet Explorer for now
